Skip to Content

SH1MMER ChromeBook Exploit

An exploit known as SH1MMER (Shady Hacking 1nstrument Makes Machine Enrollment Retreat) has the capacity to unenroll enterprise- and school-managed ChromeBooks from administrative policies as set in the Google Admin console. Google is working on addressing the issue.

SH1MMER menu.


  • If you’re reliant on your managed mode for your Chromebook fleet, you’re going to need to monitor to make sure they remain enrolled until Google’s patch can be deployed. Effectively, you boot from external media, run the code which both unenrolls the device and puts it in developer mode. If you’re researching this behavior, make sure that you’re using a valid shim, as some will brick the Chromebook. If you’re creating a device that supports developer and managed modes, create two accounts before enrolling: first in developer mode, the second enrolled.
  • This exploit requires direct access to the ChromeBook. While that may be appealing for users of enrolled and managed ChromeBooks, it is likely a violation of enterprise IT security policies and violators would be held accountable. Physical access to devices (laptops, desktops, etc.) open up a number of potential new attack vectors that can be used by an adversary


Chrome OS RMA shim

Chromium OS Factory Bundle

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on